mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-24 15:17:02 +01:00
* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better. * sig-check.c (check_key_signature2), import.c (import_one, import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids, merge_blocks): Make much quieter during import of slightly munged, but recoverable, keys. Use log_error for unrecoverable import failures.
This commit is contained in:
parent
82dc505d6f
commit
9fb045f01c
@ -1,3 +1,14 @@
|
|||||||
|
2003-08-18 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* options.skel: Note that keyserver.pgp.com isn't synchronized,
|
||||||
|
and explain the roundrobin a bit better.
|
||||||
|
|
||||||
|
* sig-check.c (check_key_signature2), import.c (import_one,
|
||||||
|
import_revoke_cert, chk_self_sigs, delete_inv_parts,
|
||||||
|
collapse_uids, merge_blocks): Make much quieter during import of
|
||||||
|
slightly munged, but recoverable, keys. Use log_error for
|
||||||
|
unrecoverable import failures.
|
||||||
|
|
||||||
2003-08-12 David Shaw <dshaw@jabberwocky.com>
|
2003-08-12 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyring.c (keyring_rebuild_cache): Comment.
|
* keyring.c (keyring_rebuild_cache): Comment.
|
||||||
|
58
g10/import.c
58
g10/import.c
@ -582,7 +582,8 @@ import_one( const char *fname, KBNODE keyblock, int fast,
|
|||||||
|
|
||||||
/* It's really PKS corruption, not HKP corruption, but I won't
|
/* It's really PKS corruption, not HKP corruption, but I won't
|
||||||
change the string in stable. */
|
change the string in stable. */
|
||||||
if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock))
|
if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
|
||||||
|
&& opt.verbose)
|
||||||
log_info(_("key %08lX: HKP subkey corruption repaired\n"),
|
log_info(_("key %08lX: HKP subkey corruption repaired\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
|
|
||||||
@ -604,11 +605,9 @@ import_one( const char *fname, KBNODE keyblock, int fast,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
|
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
|
||||||
if( !opt.quiet ) {
|
log_error( _("key %08lX: no valid user IDs\n"), (ulong)keyid[1]);
|
||||||
log_info( _("key %08lX: no valid user IDs\n"),
|
if( !opt.quiet )
|
||||||
(ulong)keyid[1]);
|
|
||||||
log_info(_("this may be caused by a missing self-signature\n"));
|
log_info(_("this may be caused by a missing self-signature\n"));
|
||||||
}
|
|
||||||
stats->no_user_id++;
|
stats->no_user_id++;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -898,7 +897,7 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
|||||||
pk = m_alloc_clear( sizeof *pk );
|
pk = m_alloc_clear( sizeof *pk );
|
||||||
rc = get_pubkey( pk, keyid );
|
rc = get_pubkey( pk, keyid );
|
||||||
if( rc == G10ERR_NO_PUBKEY ) {
|
if( rc == G10ERR_NO_PUBKEY ) {
|
||||||
log_info( _("key %08lX: no public key - "
|
log_error( _("key %08lX: no public key - "
|
||||||
"can't apply revocation certificate\n"), (ulong)keyid[1]);
|
"can't apply revocation certificate\n"), (ulong)keyid[1]);
|
||||||
rc = 0;
|
rc = 0;
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -1042,6 +1041,8 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
if(!(unode->flag&1)) {
|
if(!(unode->flag&1)) {
|
||||||
rc = check_key_signature( keyblock, n, NULL);
|
rc = check_key_signature( keyblock, n, NULL);
|
||||||
if( rc )
|
if( rc )
|
||||||
|
{
|
||||||
|
if( opt.verbose )
|
||||||
{
|
{
|
||||||
char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
|
char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
|
||||||
strlen(unode->pkt->pkt.user_id->name),0);
|
strlen(unode->pkt->pkt.user_id->name),0);
|
||||||
@ -1053,6 +1054,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
(ulong)keyid[1],p);
|
(ulong)keyid[1],p);
|
||||||
m_free(p);
|
m_free(p);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
unode->flag |= 1; /* mark that signature checked */
|
unode->flag |= 1; /* mark that signature checked */
|
||||||
}
|
}
|
||||||
@ -1063,6 +1065,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
revocation targets, this may need to be revised. */
|
revocation targets, this may need to be revised. */
|
||||||
|
|
||||||
if( !knode ) {
|
if( !knode ) {
|
||||||
|
if(opt.verbose)
|
||||||
log_info( _("key %08lX: no subkey for key binding\n"),
|
log_info( _("key %08lX: no subkey for key binding\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
n->flag |= 4; /* delete this */
|
n->flag |= 4; /* delete this */
|
||||||
@ -1070,7 +1073,8 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
else {
|
else {
|
||||||
rc = check_key_signature( keyblock, n, NULL);
|
rc = check_key_signature( keyblock, n, NULL);
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
if(opt.verbose)
|
||||||
|
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||||
_("key %08lX: unsupported public key algorithm\n"):
|
_("key %08lX: unsupported public key algorithm\n"):
|
||||||
_("key %08lX: invalid subkey binding\n"),
|
_("key %08lX: invalid subkey binding\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
@ -1084,6 +1088,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
bsnode->flag|=4; /* Delete the last binding
|
bsnode->flag|=4; /* Delete the last binding
|
||||||
sig since this one is
|
sig since this one is
|
||||||
newer */
|
newer */
|
||||||
|
if(opt.verbose)
|
||||||
log_info(_("key %08lX: removed multiple subkey "
|
log_info(_("key %08lX: removed multiple subkey "
|
||||||
"binding\n"),(ulong)keyid[1]);
|
"binding\n"),(ulong)keyid[1]);
|
||||||
}
|
}
|
||||||
@ -1104,6 +1109,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
See the comment in getkey.c:merge_selfsigs_subkey for
|
See the comment in getkey.c:merge_selfsigs_subkey for
|
||||||
more */
|
more */
|
||||||
if( !knode ) {
|
if( !knode ) {
|
||||||
|
if(opt.verbose)
|
||||||
log_info( _("key %08lX: no subkey for key revocation\n"),
|
log_info( _("key %08lX: no subkey for key revocation\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
n->flag |= 4; /* delete this */
|
n->flag |= 4; /* delete this */
|
||||||
@ -1111,10 +1117,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
else {
|
else {
|
||||||
rc = check_key_signature( keyblock, n, NULL);
|
rc = check_key_signature( keyblock, n, NULL);
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
if(opt.verbose)
|
||||||
|
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||||
_("key %08lX: unsupported public key algorithm\n"):
|
_("key %08lX: unsupported public key algorithm\n"):
|
||||||
_("key %08lX: invalid subkey revocation\n"),
|
_("key %08lX: invalid subkey revocation\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
|
|
||||||
n->flag|=4;
|
n->flag|=4;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -1124,6 +1132,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
rsnode->flag|=4; /* Delete the last revocation
|
rsnode->flag|=4; /* Delete the last revocation
|
||||||
sig since this one is
|
sig since this one is
|
||||||
newer */
|
newer */
|
||||||
|
if(opt.verbose)
|
||||||
log_info(_("key %08lX: removed multiple subkey "
|
log_info(_("key %08lX: removed multiple subkey "
|
||||||
"revocation\n"),(ulong)keyid[1]);
|
"revocation\n"),(ulong)keyid[1]);
|
||||||
}
|
}
|
||||||
@ -1210,18 +1219,18 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
|||||||
* to import non-exportable signature when we have the
|
* to import non-exportable signature when we have the
|
||||||
* the secret key used to create this signature - it
|
* the secret key used to create this signature - it
|
||||||
* seems that this makes sense */
|
* seems that this makes sense */
|
||||||
|
if(opt.verbose)
|
||||||
log_info( _("key %08lX: non exportable signature "
|
log_info( _("key %08lX: non exportable signature "
|
||||||
"(class %02x) - skipped\n"),
|
"(class %02x) - skipped\n"),
|
||||||
(ulong)keyid[1],
|
(ulong)keyid[1], node->pkt->pkt.signature->sig_class );
|
||||||
node->pkt->pkt.signature->sig_class );
|
|
||||||
delete_kbnode( node );
|
delete_kbnode( node );
|
||||||
}
|
}
|
||||||
else if( node->pkt->pkttype == PKT_SIGNATURE
|
else if( node->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& node->pkt->pkt.signature->sig_class == 0x20 ) {
|
&& node->pkt->pkt.signature->sig_class == 0x20 ) {
|
||||||
if( uid_seen ) {
|
if( uid_seen ) {
|
||||||
log_error( _("key %08lX: revocation certificate "
|
if(opt.verbose)
|
||||||
"at wrong place - skipped\n"),
|
log_info( _("key %08lX: revocation certificate "
|
||||||
(ulong)keyid[1]);
|
"at wrong place - skipped\n"), (ulong)keyid[1]);
|
||||||
delete_kbnode( node );
|
delete_kbnode( node );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -1236,7 +1245,8 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
|||||||
int rc = check_key_signature( keyblock, node, NULL);
|
int rc = check_key_signature( keyblock, node, NULL);
|
||||||
if( rc )
|
if( rc )
|
||||||
{
|
{
|
||||||
log_error( _("key %08lX: invalid revocation "
|
if(opt.verbose)
|
||||||
|
log_info( _("key %08lX: invalid revocation "
|
||||||
"certificate: %s - skipped\n"),
|
"certificate: %s - skipped\n"),
|
||||||
(ulong)keyid[1], g10_errstr(rc));
|
(ulong)keyid[1], g10_errstr(rc));
|
||||||
delete_kbnode( node );
|
delete_kbnode( node );
|
||||||
@ -1248,15 +1258,16 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
|||||||
(node->pkt->pkt.signature->sig_class == 0x18 ||
|
(node->pkt->pkt.signature->sig_class == 0x18 ||
|
||||||
node->pkt->pkt.signature->sig_class == 0x28) &&
|
node->pkt->pkt.signature->sig_class == 0x28) &&
|
||||||
!subkey_seen ) {
|
!subkey_seen ) {
|
||||||
log_error( _("key %08lX: subkey signature "
|
if(opt.verbose)
|
||||||
"in wrong place - skipped\n"),
|
log_info( _("key %08lX: subkey signature "
|
||||||
(ulong)keyid[1]);
|
"in wrong place - skipped\n"), (ulong)keyid[1]);
|
||||||
delete_kbnode( node );
|
delete_kbnode( node );
|
||||||
}
|
}
|
||||||
else if( node->pkt->pkttype == PKT_SIGNATURE
|
else if( node->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& !IS_CERT(node->pkt->pkt.signature))
|
&& !IS_CERT(node->pkt->pkt.signature))
|
||||||
{
|
{
|
||||||
log_error(_("key %08lX: unexpected signature class (0x%02X) -"
|
if(opt.verbose)
|
||||||
|
log_info(_("key %08lX: unexpected signature class (0x%02X) -"
|
||||||
" skipped\n"),(ulong)keyid[1],
|
" skipped\n"),(ulong)keyid[1],
|
||||||
node->pkt->pkt.signature->sig_class);
|
node->pkt->pkt.signature->sig_class);
|
||||||
delete_kbnode(node);
|
delete_kbnode(node);
|
||||||
@ -1354,6 +1365,7 @@ collapse_uids( KBNODE *keyblock )
|
|||||||
kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
|
kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
|
||||||
else
|
else
|
||||||
kid1 = 0;
|
kid1 = 0;
|
||||||
|
if(!opt.quiet)
|
||||||
log_info(_("key %08lX: duplicated user ID detected - merged\n"),
|
log_info(_("key %08lX: duplicated user ID detected - merged\n"),
|
||||||
(ulong)kid1);
|
(ulong)kid1);
|
||||||
|
|
||||||
@ -1478,17 +1490,20 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( !found ) {
|
if( !found ) {
|
||||||
char *p=get_user_id_printable (keyid);
|
|
||||||
KBNODE n2 = clone_kbnode(node);
|
KBNODE n2 = clone_kbnode(node);
|
||||||
insert_kbnode( keyblock_orig, n2, 0 );
|
insert_kbnode( keyblock_orig, n2, 0 );
|
||||||
n2->flag |= 1;
|
n2->flag |= 1;
|
||||||
++*n_sigs;
|
++*n_sigs;
|
||||||
log_info(_("key %08lX: \"%s\" revocation certificate added\n"),
|
if(!opt.quiet)
|
||||||
(ulong)keyid[1],p);
|
{
|
||||||
|
char *p=get_user_id_printable (keyid);
|
||||||
|
log_info(_("key %08lX: \"%s\" revocation "
|
||||||
|
"certificate added\n"), (ulong)keyid[1],p);
|
||||||
m_free(p);
|
m_free(p);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* 2nd: merge in any direct key (0x1F) sigs */
|
/* 2nd: merge in any direct key (0x1F) sigs */
|
||||||
for(node=keyblock->next; node; node=node->next ) {
|
for(node=keyblock->next; node; node=node->next ) {
|
||||||
@ -1514,6 +1529,7 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
|
|||||||
insert_kbnode( keyblock_orig, n2, 0 );
|
insert_kbnode( keyblock_orig, n2, 0 );
|
||||||
n2->flag |= 1;
|
n2->flag |= 1;
|
||||||
++*n_sigs;
|
++*n_sigs;
|
||||||
|
if(!opt.quiet)
|
||||||
log_info( _("key %08lX: direct key signature added\n"),
|
log_info( _("key %08lX: direct key signature added\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
}
|
}
|
||||||
|
@ -109,8 +109,12 @@
|
|||||||
# regarding proxies (keyserver option honor-http-proxy)
|
# regarding proxies (keyserver option honor-http-proxy)
|
||||||
#
|
#
|
||||||
# Most users just set the name and type of their preferred keyserver.
|
# Most users just set the name and type of their preferred keyserver.
|
||||||
# Most servers do synchronize with each other and DNS round-robin may
|
# Note that most servers (with the notable exception of
|
||||||
# give you a quasi-random server each time.
|
# ldap://keyserver.pgp.com) synchronize changes with each other. Note
|
||||||
|
# also that a single server name may actually point to multiple
|
||||||
|
# servers via DNS round-robin. hkp://subkeys.pgp.net is an example of
|
||||||
|
# such a "server", which spreads the load over a number of physical
|
||||||
|
# servers.
|
||||||
|
|
||||||
keyserver hkp://subkeys.pgp.net
|
keyserver hkp://subkeys.pgp.net
|
||||||
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
|
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
|
||||||
|
@ -558,7 +558,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
|||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (!opt.quiet)
|
if (opt.verbose)
|
||||||
log_info (_("key %08lX: no subkey for subkey "
|
log_info (_("key %08lX: no subkey for subkey "
|
||||||
"revocation packet\n"),
|
"revocation packet\n"),
|
||||||
(ulong)keyid_from_pk (pk, NULL));
|
(ulong)keyid_from_pk (pk, NULL));
|
||||||
|
Loading…
x
Reference in New Issue
Block a user